CrowdStrike has identified a new supply chain attack during the installation of a chat-based customer engagement platform, the Comm100 Live Chat application, which was being deployed in North America and Europe.
REFERENCE: https://www.crowdstrike.com/blog/new-supply-chain-attack-leverages-comm100-chat-installer/
TAGS: comm100, js backdoor, tour, supply chain, trojanized installer, remote shell, dll side-loading, c2 domains
INDUSTRIES: Telecommunications, Manufacturing, Technology, Healthcare
ATT&CK IDS: T1195 - Supply Chain Compromise, T1055 - Process Injection, T1003 - OS Credential Dumping, T1140 - Deobfuscate/Decode Files or Information, T1059 - Command and Scripting Interpreter, T1574 - Hijack Execution Flow, T1569 - System Services, T1543 - Create or Modify System Process, T1592 - Gather Victim Host Information, T1021 - Remote Services, T1041 - Exfiltration Over C2 Channel, T1104 - Multi-Stage Channels